xenocide
2015-01-22 19:58:33 +08:00
这是我的iptables,有问题吗?
# tail /etc/sysconfig/iptables
--------------------------------------------------------------------------------
# Generated by iptables-save v1.4.7 on Tue Jan 13 03:16:18 2015
# mangle table: every built-in chain has policy ACCEPT and no rules are
# appended, so this table does not alter or filter any packet.
# The bracketed pairs are the packet:byte counters captured by iptables-save.
*mangle
:PREROUTING ACCEPT [4171:2446379]
:INPUT ACCEPT [4171:2446379]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4137:2969628]
:POSTROUTING ACCEPT [4137:2969628]
COMMIT
# Completed on Tue Jan 13 03:16:18 2015
# Generated by iptables-save v1.4.7 on Tue Jan 13 03:16:18 2015
# filter table: default-deny for inbound and forwarded traffic, default-allow
# for outbound traffic, with outbound mail ports logged and dropped.
# NOTE(review): this ruleset covers IPv4 only; ip6tables keeps a separate
# ruleset. Confirm IPv6 is filtered or disabled on this host.
*filter
# Policies: INPUT and FORWARD drop by default. FORWARD has no rules, so the
# host forwards nothing. OUTPUT accepts whatever the OUTPUT rules below do not drop.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, matched by address: only packets from 127.0.0.1 to 127.0.0.1.
# NOTE(review): local traffic to any other local address (e.g. the host's own
# public IP) is not matched here and falls through to the REJECT below.
# Matching the interface (-i lo) is the usual form. Confirm which is intended.
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
# Accept TCP and UDP to destination ports 53 and 158 from any source address.
# NOTE(review): if the service on port 53 is a recursive DNS resolver, exposing
# it to every source makes it an open resolver. Restrict with -s if possible.
# NOTE(review): the service behind port 158 cannot be told from this file. Verify.
-A INPUT -p tcp -m multiport --dports 53,158 -j ACCEPT
-A INPUT -p udp -m multiport --dports 53,158 -j ACCEPT
# Accept replies to connections the host opened, plus related traffic such as
# ICMP errors. Newer iptables releases prefer "-m conntrack --ctstate" over
# "-m state".
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Log new inbound TCP attempts to the mail ports (SMTP/POP/IMAP and their TLS
# variants) at syslog level 5 (notice). LOG is non-terminating, so the packet
# continues to the REJECT rule below.
# NOTE(review): there is no "-m limit" here, so a burst of probes produces one
# log line per packet. Consider rate-limiting to protect the log volume.
-A INPUT -p tcp -m multiport --dports 25,109,110,143,465,993,995 -j LOG --log-prefix "IPTABLES:" --log-level 5
# Reject everything not accepted above. Because this rule matches every
# remaining packet, the INPUT DROP policy is never actually reached.
# NOTE(review): no rule above accepts port 22, so new SSH connections are
# rejected unless sshd listens on an accepted port. Confirm management access
# before loading this ruleset on a remote host.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# Exempt 127.0.0.1 -> 127.0.0.1 traffic from the outbound mail-port rules below.
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
# Log, then drop, every outbound TCP packet to the mail ports, so processes on
# this host cannot connect out to those ports.
# NOTE(review): this LOG rule is also unlimited. A local process retrying mail
# delivery can flood the log.
# NOTE(review): port 587 (mail submission) is not in the list. If the goal is
# to block all outbound mail, confirm whether it should be included.
-A OUTPUT -p tcp -m multiport --dports 25,109,110,143,465,993,995 -j LOG --log-prefix "IPTABLES:" --log-level 5
-A OUTPUT -p tcp -m multiport --dports 25,109,110,143,465,993,995 -j DROP
COMMIT
# Completed on Tue Jan 13 03:16:18 2015